Commit 969afb11 authored by chirac's avatar chirac

Merge branch 'improve-configuration-file' into 'master'

Add parameters for tls and knot

See merge request re2o/dns!1
parents 0970c4f2 27f52af5
......@@ -6,10 +6,24 @@ This service uses Re2o API to generate DNS zone files
## Requirements
* python3
* knot
* knot (only if using knot)
* requirements in https://gitlab.federez.net/re2o/re2oapi
## Scripts
* `main.py`: Generates the zone files and reloads the zones
* `dnssec_generate.py`: Generate the DS records for the zones in `dnssec_domains.json` and writes them to `dnssec.json`
## Configuration file
The template of the configuration file is given in `config.ini.example`. You should copy it into `config.ini` and modify at least the first 3 paramters :
| Parameter | Default value | Description |
|------------|--------------------|--------------------------------|
| `hostname` | `re2o.example.net` | Hostname of your re2o instance |
| `username` | `my_api_username` | Username to access the api |
| `password` | `my_api_password` | Password to access the api |
| `use_tls` | `true` | Use TLS to connect to the api |
| `use_knot` | `false` | Use knot specific commands |
For boolean parameters, according to https://docs.python.org/3/library/configparser.html, 'yes'/'no', 'on'/'off', 'true'/'false' and '1'/'0' are valid parameters.
......@@ -2,3 +2,5 @@
hostname = re2o.example.net
username = my_api_username
password = my_api_password
use_tls = true
use_knot = false
......@@ -11,7 +11,6 @@ import sys
from re2oapi import Re2oAPIClient
import knot
path = os.path.dirname(os.path.abspath(__file__))
......@@ -21,6 +20,11 @@ config.read(path+'/config.ini')
api_hostname = config.get('Re2o', 'hostname')
api_password = config.get('Re2o', 'password')
api_username = config.get('Re2o', 'username')
use_tls = config.getboolean('Re2o', 'use_tls')
use_knot = config.getboolean('Re2o', 'use_knot')
if use_knot:
import knot
template_soa = (
"$ORIGIN {zone}.\n"
......@@ -217,7 +221,7 @@ def write_dns_file(zone, verbose=False):
for x in zone['dname_records']
)
if zone['name'][1:] == "crans.org":
if use_knot and zone['name'][1:] == "crans.org":
ds_records = ""
for extension in filter(lambda zone: zone.endswith('.crans.org'), zone_names):
for ds in knot.get_ds(extension, verbose):
......@@ -275,7 +279,6 @@ def write_dns_reverse_file(api_client):
# because some iptype may share the same prefix
# in which case we must append to the file zone already created
zone_v6 = []
for zone in api_client.list("dns/reverse-zones"):
# We start by defining the soa, ns, mx which are comon to v4/v6
now = datetime.datetime.now(datetime.timezone.utc)
......@@ -413,7 +416,7 @@ def write_dns_reverse_file(api_client):
f.write(zone_file_content)
zone_v6.append(zone6_name)
api_client = Re2oAPIClient(api_hostname, api_username, api_password, use_tls=False)
api_client = Re2oAPIClient(api_hostname, api_username, api_password, use_tls=use_tls)
client_hostname = socket.gethostname().split('.', 1)[0]
......@@ -422,7 +425,8 @@ if __name__ == '__main__':
parser.add_argument('-f', '--force', '--forced', help="Forcer la régénaration des fichiers de zone.", action='store_true')
parser.add_argument('-k', '--keep', help="Ne pas changer le statut du service.", action='store_true')
parser.add_argument('-p', '--processes', help="Regénérer en utilisant n processus en parallèle (par défaut ne pas parallèliser).", metavar='n', nargs=1, type=int, default=[0])
parser.add_argument('-n', '--no-reload', help="Ne pas recharger les zones dans knot.", action='store_true')
if use_knot:
parser.add_argument('-n', '--no-reload', help="Ne pas recharger les zones dans knot.", action='store_true')
parser.add_argument('-v', '--verbose', help="Afficher des informations de debug.", action='store_true')
args = parser.parse_args()
......@@ -452,7 +456,7 @@ if __name__ == '__main__':
with open(path + '/serial.json', 'w') as serial_json:
json.dump(serial + 1, serial_json)
if not args.no_reload:
if use_knot and not args.no_reload:
error = os.system('/usr/sbin/knotc zone-reload >/dev/null 2>&1')
if error:
# reload again and display the error message
......
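Review bot: The two `config.getboolean` calls added after `api_username` have no `fallback`, so a `config.ini` written before this change makes the script stop with an uncaught `configparser.NoOptionError` at startup instead of applying the defaults listed in the README table. For `use_tls` I would pass the documented default explicitly, `use_tls = config.getboolean('Re2o', 'use_tls', fallback=True)`, so that an omitted option fails towards TLS; this setting presumably decides whether the API username and password handed to `Re2oAPIClient` travel over an encrypted connection (the client is not shown here). `use_knot` needs a deliberate choice, because the old code always reloaded knot and `fallback=False` would silently stop doing so on upgraded hosts. In the argument-parsing hunk, `-n/--no-reload` is now registered only when `use_knot` is true, so existing invocations that pass `-n` on a non-knot host will exit with a usage error; registering it unconditionally and ignoring it there would be gentler. Both the module-level code and the `__main__` block continue outside the visible hunks.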